Does deploying AI models in an existing process or system increase the attack surface of the host system? If so, how can this be mitigated? Who would be the owners for securing against those vulnerabilities and, where this is unclear, should organisations be sharing knowledge and security ownership, across the technology stack and system of deployment? Analyse and examine the full extent and range of cyber security risks to the UK economy in software development, distribution and supply chains. Identify what risks to the UK’s cyber resilience are introduced through software supply chains by software vendors and users? Which are the highest profile risks? We are interested in B2B/enterprise software rather than consumer software but including: operational technology, IT and cloud and on-premise.

Background

In order to ensure the UK is well protected now and in the future we need to build upon our existing knowledge of cyber security risks and the resilience of software supply chains and are working to identify which mitigations the government can leverage to ensure the UK is well protected now and in the future.

We’re also assessing the impact of these mitigations in driving enhanced security measures. A key area of research interest therefore is understanding the consequences of requiring higher levels of cybersecurity for products and digital services sold in the UK. Strengthening this evidence base will help shape and inform future policy work around the regulation of products and business requirements for cyber security.
Some technologies are critical to cyberspace. To build and sustain competitive edge in cyber-related technologies we need a coordinated, rigorous and consistent approach to identify and analyse critical areas of science and technology and prioritise national effort. CSDI is interested inbeing able to better anticipate the science and technology developments most vital to UK cyber power and in analysing thebe opportunities and risks related to those developments.

It is crucial to ensure that digital identity solutions are both secure and inclusive. The directorate seeks to gather further evidence on how best to enable more inclusive digital identity services whilst maintaining robust security measures. Digital identity solutions enable a person to prove something about themselves for the purposes of a transaction, an eligibility check or accessing services. This includes verifying a person’s age when purchasing age regulated products, when undertaking pre-employment checks or opening a bank account. The government is not mandating specific approach, but instead has committed to setting outcomes-based standards in the form of the UK digital identity & attributes trust framework. (https://www.gov.uk/government/publications/uk-digital-identity-and-attributes-trust-frameworkbeta-version/uk-digital-identity-and-attributes-trust-framework-beta-version)
Organisations that adhere to these standards and agree to oversight from the Office for Digital Identities and Attributes (OfDIA) will receive a trust mark, so that businesses and individuals can be confident that their digital identity solution is safe and secure.

Next steps

If you are keen to register your interest in working and connecting with DSIT Digital Technology and Telecoms Group and/or submitting evidence, then please complete the DSIT-ARI Evidence survey - https://dsit.qualtrics.com/jfe/form/SV_cDfmK2OukVAnirs.
Please view full details: https://www.gov.uk/government/publications/department-for-science-innovation-and-technology-areas-of-research-interest/dsit-areas-of-research-interest-2024

Source

This question was published as part of the set of ARIs in this document:

DSIT Areas of Research Interest 2024 GOV UK

Related UKRI funded projects

  • CyberSecDome

    Organisations across the sectors significantly benefit from digital transformation to support evolving business models, services and customer experience. Despite the benefits of digital infrastructure adoption, there are...

    Funded by: Horizon Europe Guarantee

    Why might this be relevant?

    Partially relevant as it addresses digital infrastructure security challenges and threat intelligence sharing, but does not specifically focus on software supply chains.

  • Cyber-R: Securing Businesses through Generative AI-based Adaptive Cyber Resilience Service

    According to the UK Cyber Security Breaches Survey 2024, UK businesses faced approximately 7.78 million cybercrimes over the past year, with phishing attacks accounting for 84% of these incidents. Additionally, 50% of bu...

    Funded by: Innovate UK

    Lead research organisation: UNIVERSITY OF WOLVERHAMPTON

    Why might this be relevant?

    Fully relevant as it specifically addresses cyber resilience, AI-based solutions, and the shortage of cybersecurity skills in UK businesses.

  • Explainable and Robust AI-powered Intrusion Detection Management

    Recently there has been a rise in cyber attacks with 81% of UK organizations suffering some form of cyberattack in 2021\. In the UK the cost amounts to $1.08 million per incident while the lack of a specialised workforce...

    Funded by: Innovate UK

    Why might this be relevant?

    Partially relevant as it focuses on AI-powered intrusion detection management, but does not specifically address software supply chains or ownership of security vulnerabilities.

  • Machine Learning, Robust Optimisation, and Verification: Creating Synergistic Capabilities in Cybersecurity Research

    The need for better support to deal with the threats of cybersecurity is undisputed. Organisations are faced with an ever growing number of malware and integrated malware attack tools, attempted attacks on infrastructure...

    Funded by: EPSRC

    Why might this be relevant?

    Partially relevant as it focuses on machine learning, robust optimization, and verification in cybersecurity, but does not specifically address AI models in existing systems.

  • Academic Centre of Excellence in Cyber Security Research - Cardiff University

    Cardiff University is a leading UK academic institution for cyber security analytics and artificial intelligence - the interpretation and effective communication of applied data science and AI methods through interdiscip...

    Funded by: EPSRC

  • Development of an Intelligent cyber defence software for Home and SME Use that Predicts Cyber Attacks Before they Occur and Deals with them Accordingly

    Founded by Paul Hague and Paul Jenkins, BlackDice is a UK-based SME that aims to address the issue created by the increased surface area for cyberattacks that is a result of the recent shift to remote/home working post-C...

    Funded by: Innovate UK

  • AI - Cybersecurity Nexus

    The project **AI-Cybersecurity Nexus** is dedicated to addressing the critical intersection of cybersecurity and artificial intelligence (AI), specifically targeting small to medium-sized enterprises (SMEs) in Greater Ma...

    Funded by: Innovate UK

  • Cyber Enterprise Security - predict it, fix it

    This project is a new approach to making sure an enterprise (be that a business, defence such as the MoD or Health) can function as best as possible as the state of cyber changes. This could be as a result of cyber-attac...

    Funded by: Innovate UK

  • Cyber Graph-to-Text: AI automation for Threat Intelligence, made accessible to all

    The intelligence cycle is the process of collecting, analysing, and disseminating intelligence to help decision makers understand their environment and make appropriate decisions. However, the human mind is not capable o...

    Funded by: Innovate UK

  • ATM: Automated Threat Modelling for Enterprise AI-enabled Assets

    In today's AI era, most companies use AI assets incorporating machine learning and deep learning models. In this context, AI assists enterprises in their decision-making process. The estimated cost of building and implem...

    Funded by: ISCF